name: Constellation verify description: "Verify a Constellation cluster." inputs: osImage: description: "The OS image used in the cluster." required: true cloudProvider: description: "The cloud provider used in the cluster." required: true runs: using: "composite" steps: - name: Clear current measurements shell: bash run: | yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml - name: Fetch & write measurements shell: bash run: | MEASUREMENTS=$(curl -sS https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.image.json | jq '.measurements' -r) for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r) yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key].expected = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key].warnOnly = false" constellation-conf.yaml done yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml cat constellation-conf.yaml - name: Constellation verify shell: bash run: constellation verify --cluster-id $(jq -r ".clusterID" constellation-id.json)